Posted
by
timothy
on Wednesday April 17, 2002 @10:30AM
from the the-sanest-days-are-mad dept.

Peter Wayner writes: "A friend of mine who works as a public defender knows a thing or two about selling fear to
the jury filled with doubts. Several months before December 31st, 1999, he asked me if we
should be worried about the Y2K disasters. My answer was: The machines crash every day.
Why should it matter if it happens on December 31st?" This time around though, the fears are of a different nature and scope: Peter reviews below Edward Yourdon's latest book Byte Wars, one aimed at everyone concerned about online terrorism in the post-9/11 climate.

Byte Wars: The Impact of September 11 on Information Technology

author

Edward Yourdon

pages

300

publisher

Prentice Hall

rating

7

reviewer

Peter Wayner

ISBN

0130477257

summary

Plainspoken but fear-centric advice for reducing the dangers of vandals or terrorists to online systems.

My friend who nodded as if this was the same game he played every day in the courtroom. If
no one knew what was going to happen, the jury's instincts could be manipulated with a
mixture of fear, sympathy and tribalism. Juries were always afraid of watching a good,
relatively innocent man lose everything, he explained. Corporate executives were just as
worried of the same thing happening to them.

The Y2K binge is long gone and the biggest effect on computers seems to be found in the
bits representing the bank accounts of Y2K consultants. Gimmicks may fade but human nature
and human fear remains the same. The destruction of the World Trade Center has given new
life to the fear mongers who worry that someone may obliterate our electronic
infrastructure. Edward Yourdon, the old school computer consultant who made plenty of
noise about Y2K, is back with another book, Byte Wars: The Impact of September 11th on
Information Technology .

When I say old school, I mean that he started programming and writing about programming in
the mid 1970s and this shows in the way he spells ( "Obe Wan Kenobee")
and talks about "paradigm shifts" instead of "memes." He comes from the age group that
decided how much to spend on Y2K and he knows how to talk to the group that will control
how much we spend on our fears of terrorism.

There is no mention of his record on Y2K on the book cover or the biography, but if you're
interested, the net never forgets. The book does mention the scary days of December 1999 a bit in
passing, but only to note that there was "very little awareness in the media" that some
"small organizations did suffer moderate-to-severe Y2K problems." He also notes with some
pride that many companies survived the turmoil after the World Trade Center attack because
they made so many preparations for the turn of the millennium.

This time around Yourdon is blessed with a much more concrete threat and this both helps
and hurts his cause. On one hand, no one can debate the power of airplanes as weapons in
the same way we can still debate whether Y2K would make a difference to embedded
controllers. On the other hand, it's not really clear what the latest attacks have to do
with computer networks. He even notes that the DOD's computers were relatively unhurt by
the destruction of the Pentagon. How many web sites or e-commerce sites can anyone knock
out with a box cutter? One company I knew with offices on the 81st floor of the World
Trade Center used a co-lo facility that survived. Their web site kept on pumping out hits
even after their entire office turned to dust.

Yourdon dodges all of this by being politely vague and abstract. His chapter on risk
management, for instance, counsels that we should find a "realistic assessment of risks"
and weigh the probability against the danger. If we develop a process to deal with the
risk, then we can ensure that the risks are shared between the stakeholders. Most of the
chapter could have been written at any time about any risk , but he makes it all a bit
more current by including a few references to kamikaze players who are shifting the
paradigm.

Some of his advice gets so abstract that it's hard to know exactly what he is suggesting.
He tells us to "examine the practical impact of increased security and decreased privacy."
To him, that means warning people who rely upon the social freedom of "don't ask, don't
tell" to realize that so much information about us will eventually be documented by the
new security state. "Now is the time to think about such matters, not two or three years
from now when you suddenly find that you can't get a job, or can't buy a house in a
particular neighborhood." Should we rise up or acquiesce? Which side is he on? I'm still
not sure. He does such a good job playing to everyone's fears.

Occasionally, he doles out some practical advice that is close to the needs of managers
worried about the aftereffects of 9/11. We are told that terrorists may be posing as
"ordinary employees" or even government employees who've "risen to high levels of trust
and authority." He reminds us that "hardly anyone watches the programmers." Is some
terrorist slipping in a buffer-overflow loophole? Or maybe just a crook? One of the most
practical suggestions is that corporations should do more code reviews.

He's also hip to some of the latest intellectual fads. Emergent organisms like Napster can
be useful and resilient. He's a big fan of empowering employees by cutting away
bureaucracy so the organization can evolve some emergent intelligence. Of course, we must
also be ready for more scrutiny from the security bureaucracy checking to ensure that the
emergent organism isn't evolving buffer-overflow backdoors. This gets a bit confusing and
he waves away much of conflict with abstract calls for balance.

In the end, Yourdon can't offer many answers because there aren't many answers to give. We
had risks, terrorism, info warfare, bombs and whatnot before September 11th and we'll meet
them again despite the security. Anarchists detonated a horse powered wagon filled with
explosives in front of the NY Fed in the 1920s. Not much has really changed and the book
ends up being a distilled version of the inchoate fears that haunt us.

The real challenge is determining how much fear we should have. Yourdon is far from the
only person who automatically assumes that the attacks on New York mean more attention to
cybersecurity. All of the major beltway consultants near Washington are gearing up with
the new tools. The more I read the book, the more I began wondering why. Why do some
kamikaze hijackers mean that the web needs to be locked down? Who really has time to worry
about some al Queda l33t d00dz owning my site when so many people are dying true deaths
that can't be fixed with backup tapes?

At the end of one of the chapters, Yourdon exhorts us to get our act together and secure
our home computers. Our old, pre-9/11 computing style was equivalent to "living in a house
with the doors and windows wide open", he says, something that was "a pleasant way to live
if you were in a small town in the 1950s."

Ah, the 50s. He and everyone else should rent a copy of George Lucas's pre-Star Wars
classic, "American Graffiti." In one scene, the teenagers cheerfully drop a cherry bomb
down the school's toilet. In another, they destroy a police car by wrapping a chain around
the rear axle. The laugh track blessed both events in the movie, but all of us know that
they would bring out the SWAT teams today.

The movie managed to avoid much of the discussion about Eisenhower, Francis Gary Powers,
the Russian H-Bomb, or any of the other fears rippling down our spines. The 50's seem so
much more fun after editing out the fact that the Russians had (and still have) fusion
bombs on the tips of missiles. No amount of frisking by airport security can keep them out
of our airspace. Yet we survived and managed to laugh about kids trashing police cars.

Another solution is not to quiver and worry about Osama bin Hacker's script kiddies. We
can redefine the terms of engagement in much the same way that the cops in the "American
Graffiti" just laughed at those impish kids. Hacked web sites are easy to restore if you
have adequate backups. Denial of service attacks from zombies on cable modems sound
threatening, but they rarely last longer than Friday evening rush hour.

It's hard to argue with much of the plainspoken, largely abstract advice offered by
Yourdon. All of it makes good sense. The harder problem is finding the right attitude to
carry us through the night. This book is filled with worry for our future and awe of the
unseen l33t d00dz hiding under the bed. There are bits of light and a stab at optimism
near the end, but most of the book trades on the thoughts that will keep us up well past
midnight.

9/11 can tie into anything. soon after the event, as i turned to the food section of my daily paper, i thought "at least they won't tie this into 9/11". but there it was: an article on comfort food and fear of terrorism!

This five-step process works for any security measure, past, present, or future:

What problem does it solve?

How well does it solve the problem?

What new problems does it add?

What are the economic and social costs?

Given the above, is it worth the costs?

Take step one above, for example. Here is part of Schneier's comment on it:

Step one: What problem does the security measure solve? You'd think this would be an easy one, but so many security initiatives are presented without any clear statement of the problem. National ID cards are a purported solution without any clear problem. Increased net surveillance has been presented as a vital security requirement, but without any explanation as to why.

I'm sorry, I stumbled into the conversation late! But with all this talk about RMMM (risk management, mitigation, and monitoring) I was harkened back to my first seminar about Software Engineering and that Pressman book...

The only difference being that Pressman gives some examples.

And yes, it is a process, just like any other business/engineering process. Just let engineers run the world... we'll get it together!

I don't know how many of you get Software Development magazine, but they had an interesting article on wicked problems in the latest issue. The quick definition from the article header is this:

When you're scrambling to complete a never-ending task and no one can decide what "done" means, it helps to know that there's a name for this situation--and it's not a four-letter word.

This is essentially what the problem is with developing security plans--you never really know when you are done. The other problem is that you never have one true answer. Sure a national ID card seems like a good idea, but is it the right answer to the right question? Anyway, you can find the article here: Wicked Problems [sdmagazine.com].

This apprach doesn't leave open the concept of prevention. It assumes that problem must already exist before a solution can be justified. This 5-step process seems overly naive to me. Creating a solution that can deal unforseen problems is good design.

What problem does it solve?
It prevents unforseen problemsHow well does it solve the problem?
Reduces them by 5% What new problems does it add?
I don't think we need to answer this to demonstrate that this process can be applied to unforseen problemsWhat are the economic and social costs? This tooGiven the above, is it worth the costs? Also.

Basically, Schneier's 5-step plan is called the "Stock Issues" model [letu.edu] for arguing a policy change.

Stock Issues has been around for a long time, which is not to say that Schneier is wrong in using it: to the contrary, he's correct. I wonder if he re-invented it, or if he knew about Stock Issues when writing that 5-step plan?

It's probably worthwhile to structure every "case" you hear for some change in the form of Stock Issues, even changes contrary to your own point of view. If you can figure out what the "case" for a change you don't like is missing, or where it's wrong, you can try to shoot down the change with that information.

National ID cards are a purported solution without any clear problem. Increased net surveillance has been......
lets see, The privacy act of '74 enacted legislation to prevent the use of such things....ie SOCIAL SECURITY CARDS used as ID's
I don't know the entire legislation or the complete legalities, however, I do know that the # is supposed to be used for only a couple of things, not EVERYTHING

I remember going to the Official Time Clock of the US Naval Observatory

i went there a few years ago and found the clocks didn't work. the html was so badly broken that it was amazing the browser didn't crash. i sent them a message about that, and they replied that the site was "browser dependent". in a way -- netscape tolerated the errors enough to put up some clocks; other browsers did not.

i just went back. the site is different but still broken. for example:<img SRC="/cgi-bin/nph-usnoclock.gif?zone=EST;ticks=11" ALT IMG SRC="/cgi-bin/gifclock.gif?zone=EST">

some of their img tags have alt text saying that you need netscape!

i don't understand how this site was made. there are html editors that make bad code, but that bad? but how could a human produce such nonsense by hand?

It's such a simple formula to fix all those 19102 clocks, too.
For the Perl localtime function (which on my machines the year was coming up as 100), I simply had to do this on all my scripts:
$year = $year + 2000 - 100;

Sadly though, as the reviewer implies, Yourdan is the Oracle of Delphi to many PHBs who's computer education ended with dataflow diagrams and HIPO charts. Why? Because their '70s era college texts for IS consisted largely of books by or inspired by Yourdan; because Yourdan has gotten rich selling his snake oil; and because they fancy they'll get rich, too. You know the type of manager I mean--the same sort of IS dumbass that thinks you need Windows servers and that everyone should be running Outlook. Solution? You got me! Every place I've been with more than a couple of dozen employees has had a Yourdan disciple in management.

Mind you, this is the guy that in mid-1999 announced that he was selling his house, pulling out of the stock market, and moving to a farm in the middle of Montana or someplace, before the societal upheaval hit, "just in case". I remember wondering at the time what he was going to do if the apocalypse *didn't* come, since he wasn't going to have any credibility left. I guess this is what happens - people have really short memories.

He's definitely a smart, sometimes clueful guy, but the sky is always falling.

This review was very well done.
I especially appreciated the link back to some
of the author's previous (and now, dubious) work.
Heh, heh, heh... Give that man a "5" for "funny"!

This author looks like the run-o'-the-mill
fear-mongering sort that the media loves to
trot out when they've got no real news
to talk about. So why on earth are we hearing
about him at all?

Hmmm.... Maybe I should start writing book
reviews for Slashdot! "Review: Discourses
of Epictetus, a rational look at the
problems of today's world politics and our
individual lives"... written only 1900 years ago!

This has got to be the best book review I have read in at least a year... Even my short attention span could not distract me from it. He hit the nail on the head when he talked about the "fear-mongering" that goes on.

I remember trying to use the Yourdon method on a project. We had to draw a hell of a lot of process diagrams that decomposed into lower and more detailed levels. Nobody did all the charts right, and when we were done with the charts nobody looked at them again. It was just a big time sink. We also spent a fortune on CASE tools to draw the damned things. My job was to convince everyone to use these tools and draw the diagrams.

Basically I'd say the guy has been wrong on everything he's ever written. If I was concerned about what terrorists might do to our IT infrastructure before I suppose I should be less concerned now.

I had similar problems circa 1985. I was responsible for a division that was developing a new SCADA project and decided to follow Yourdon as the recommended company standard.

The project was not a success, and I spent some time afterwards trying to analyse why. Firstly, Yourdon followed properly shouldn't lead to this over reliance on process diagrams - but the tendency of those who were not experienced with it (in my case the whole team - despite considerable investment in training). I concluded that for "functionally oriented programmers" as opposed to OO specialists (which didn't really exist in 1985) this was the natural thought process even though it was wrong.

Secondly this over reliance on process flow leads to lack of attention to the data model (as in ERD) side of things. As those who've tried to do an OO development with none OO experience people - there seems to be a natual block to address this side of the problem.

The net result was a very messy and inefficient solution. Our product was full of bugs which took ages to fix.

In the end I became the chief engineer for our subsidiary and was able to change the policy. I arranged - and persuaded many of our senior managers to attend - a one day data modelling seminar.

I think many of these methodologies work much better used as a bunch of tools (diagrams, processes, models) that can help you in your search for The Right Thing(TM), rather than a process to be blindly followed despite all intuition (like some Pointy-Haired ones advocate). Software is a creative field; rigidly-defined, objective methodologies can help, but they can't do the job for you.

I was a Y2K consultant back in the (not so distant) day. And while the problem was more real than most would have you believe, (trust me on this, I was involved in some of the high-impact areas like utility infrastructures and healthcare, it could have been pretty bad), I swear we had just as much hassle dealing with the PHB's who'd read his stuff as we did handling the real issues!
The guy is a rabble-rousing fear-monger!

The problem was that everybody thought that Y2K was an issue whose effects would only be noticed in Dec 1999 and Jan 2000. The first Y2K failure I heard of occured in about 1996 when a retailer was putting corned beef (the tinned stuff we have in GB, not the stuff in the US) into their stock control system. Tinned corned beef has a very long shelf life, and they couldn't put it into the system until the Y2K (aka century bug) had been fixed.

The acid test for most people was the first quarter of 1999 when budgets and cash flows for the financial year April 1999 - March 2000 were being worked out. Financial systems had to be fixed by then.

By December 1999, 95% of the Y2K faults would have either been fixed or have long since caused failure.

suicide bombers. anyone who puts in the effort can do it. the reason or planet generally survives this is because the vast majority of people are not this way. I personally am in a position such that with the click of a few buttons, or by rewriting one line of code i could cause tens of millions of dollars of damage to multiple production facilities around the world. i probably could even injure people if i got the timing right. but I could just as easily strap on some bombs and detonate myself on a crowded subway too. yet i'm fairly certain i'll never do these things. but surely someone out there will, and we'll just have to deal with it, like we always do.

I think you're absolutely right, and yet I also think I'm beginning to hate how cynical statements like that sound and how cynical I must have somehow become in agreeing with statements like that.

I would like to point out, however, that sabotage through the internet is very unlike a suicide bomber in that provided you are not caught, a would-be saboteur could feasibly sabotage again, and again, and again. Successful suicide bombers have but one shot to hurt people.

I am quite convinced that because of this, despite the new fear experienced by many post-9.11, suicide bombers are still the least of our immediate first-world worries.

Theoretically, internet sabotage could be more subtle. It's also less prominent in the minds of most civillians, I'd think, than the various sorts of non-subtle kamikaze attacks, much the same way "Gee, if I were a murderous suicidal microbiologist, I might be able to genetically engineer or choose a virulent airborne contagion with a decent incubation period, infect myself with it, and mingle in public places" is probably an unusual thought. 9/11 raised awareness of conventional kamikazes, but I wouldn't bet on that awareness having translated to other areas.

Raising awareness of the possibility is probably a reasonable thing to do, as long as it's a realistic view -- for instance, it would be preposterous to suggest that a systems cracker could directly launch from the US nuclear arsenal, given the air gaps and other precautions built into the system, nor are hostile programmer likely to be able to send satellites crashing down on the White House without access while designing the systems.

Theoretically, internet sabotage could be more subtle. It's also less prominent in the minds of most civillians

Good Point.

However, that is exactly the point I would use to make the case that threats to our infrastructure would not come from terrorists, but disgruntled employees and the usual Internet/computer culprits.

9/11, bus bombings, USS Cole, etc. all share high visibility, pictures or live video that makes it exciting.

How many martyrs are going to be attracted by, "well, we think we cost the phone company several tens of thousands of dollars! God is great!"

To put it simply, I think the motive of the traditional terrorist attacker is going to make attacks on organizations by costing them money unattractive.

It takes a lawyer-infested culture like that of the United States to think a "make them spend/lose money" type attrition attack is a good way to operate. Note, I live in the US, this is just an example.

The WTC wasn't a big enough hulking piece of concrete for most co-los to house themselves in. Every big co-lo I know of is in the equivelant of an underground parking deck with 50+ feet of concrete above them. I doubt an airplane would do a whole lot to that.

How does your question reflect on the relevance of the WTC and Pentagon attacks in relation to computer networks? What if the jet had crashed into WalMart? Should Kathy Lee write a book telling the fashion industry how to protect it's valuable interests in the wake of terror attacks?

Peter raised the question of what the attacks on the Pentagon and WTC had to do with computer networks. Here's the statement in context.

On the other hand, it's not really clear what the latest attacks have to do with computer networks. He even notes that the DOD's computers were relatively unhurt by the destruction of the Pentagon. How many web sites or e-commerce sites can anyone knock out with a box cutter? One company I knew with offices on the 81st floor of the World Trade Center used a co-lo facility that survived. Their web site kept on pumping out hits even after their entire office turned to dust.

The attacks underlie the premise of the book, but their relevance to the topic of the book is entirely suspect.

Sure. But we weren't concerned about the average number of computers crashing, we were concerned about more computers crashing than normal. And these crashes being more difficult to fix than usual because so many people wrote their own (broken) date routines - there was no single point of failure. This could lead to cascade failures and it was not clear that any natural firebreaks existed to limit the damage.

The best analogy is probably the road net and accidents. You can usually handle a single big accident without a problem. Even two. But at some point you have so many accidents that the system can't cope. But even one really bad accident can shut down traffic citywide for hours, e.g., the torpedo spill at the intersection of I-25 and I-70 in Denver.

We saw this phenomenum in action after 9/11, when the air traffic system shut down, and later when there was the anthrax scare.

Was Y2K oversold? Of course, but the worst offenders were non-techies pushing their own questionable goods or techies trying to reach management too focused on a 6- or 12-month window.

I worked on date correction hardware in 1999. We were making a product that corrected the hardware real time clocks in PCs. Basically all of them were broken. Our sales people would go out and convince people that it was important. Our cards weren't expensive, and the firmware/drivers were tested better than anything I've ever worked on. There was basically two types of people: gimme and cynical. We supplied good support to the people who said gimme and sold a lot of cards. The cynical people would waste our time sitting through our demos, arguing about the impact. Eventually they ran out of time. We personally went to every single one of them after y2k and asked them how it had gone. The sales guys would tell me how fucked their systems were. Some experienced huge data losses which we really couldn't explain.

Compaq computers have an embedded processor which supplies the entire southbridge, ie, IBM PC compatibility. They offered to their customers a firmware upgrade that would make their computers y2k compliant. We found out about this after we had sold a lot of cards and people were coming back to us for refunds. Why we gave a refund because they had failed to do their homework I dont know. After y2k all their systems were fucked. Compaq's firmware didn't do the job.

In 2001 I got a call from this company saying they had about 400 cards left and they couldn't sell them (obviously). So I was hired to rewrite the firmware to make the card somewhat useful. Using the onboard real time clock we made a card that could lock a computer between certain times. Totally useless product in my opinion. They're on their 8th production run (or something, I dont talk to them anymore).

Call them what you will, but if all these technology startups had hired a sales force like the one I had the pleasure of working with in 1999 we might see a few less chapter 11s.

Although I agree with the thrust of your comment, I don't think we did see this in the air-traffic control system -- it was shut down deliberately and not ungracefully. Nobody was left hanging in the air looking for clearance.

We did see this sort of thing in the 1977 NYC blackout, with multiple lightning strikes causing cascade failures. In that instance the system protected itself and could later be brought back online, so in a sense it was designed behaviour, but it didn't seem to be a lot of fun for people in NYC.

Perhaps one reason Y2K fizzled was BECAUSE of the attention. I found plenty of Y2K bugs in 1999. None of them were most important than the regular bugs I fixed all the time, but if they had all hit 1/1/19100, it would have been a real PITA.

This article is more rant than review. The "reviewer" seems to be more into spin than programming judging by his extensive views regarding Y2K warnings. He has just used this book to express his views on the subject without telling us much about the content of the book.

You're wrong. There are plenty of quotes from the book. The rant is tacked on the end, but the first part does an adequate job of describing Yourdon, his track record, and what he's offering. The rant is in direct opposition to the book so I say that it's fair.

Yourdon's early books were great, but now it's just a bunch of whiny garbage. It's rather sad that a once-talented CS writer is now reduced to jumping on the latest potential-tragedy-of-the-day for a subject.

Combating terrorism isn't about protecting against sophisticated attacks. It's about protecting against very cheap, very simple attacks that have wide-reaching effects. They are FAR more likely to backhoe a cable or bomb a server location than to try hacking into it.

Well said. Ed Yourdon was the credible, sensible, plain spoken champion of the Y2K hypefest. I'm not sure if he set out deliberately and cynically to use Y2K hype to scam his way into government circles, or whether he just got caught up in it and found himself having to escalate his predictions until he couldn't back out.

Let's get this straight: Ed Yourdon predicted that Y2K would be the end of the world. He changed his mind more often than his underwear, and he was always oh so careful never to predict specifics, but he gave vastly inflated credibility to all the doom mongers, and he assumed that any Y2K ready declaration not done by an independent auditor was a smokescreen. Every tiny report of a computer failure was turned into a "probable" indicator of coming failure. He turned absense of evidence into evidence of absense when it suited him, and vice versa.

The sad part was that he suckered a lot of gullible folks in. There's still people today eating through their Y2K stocks and weeping over their lost life savings, and a smaller number grubbing around on dirt farms and hand pumping water from wells who'll grit their teeth and tell you that they thank Ed for prompting them to move to a self-sufficient subsistence lifestyle. Oh yes, this is better than relying on all those fragile modern foibles like washing machines and shops. Grind. Oh yes. Grind, grind.

Don't get me wrong, those people were responsible for their own decisions, and Ed is not a bad man. But he was wrong about Y2K. He was major league wrong, and he stubbornly clung to his position that the dominoes would start falling any day now (yeah, there's that 1950's thinking again), all through 1998 and 1999, right up to December 1999. Only in the last couple of weeks did he do a complete U-turn and backpedal and dissemble like there was going to be a tomorrow, which rather makes me think that he genuinely did believe the delusional scenarios that he was pushing to government and to anyone else that would listen. And he did admit that he was wrong shortly into 2000, but it was "OK, I was wrong, BUT..." and then he was off on a completely new tack about how he had singlehandedly save the free world by fearmongering up to the rollover, and ensuring that nobody slacked off. All praise Saint Ed.

I don't blame Ed for the misery he caused, but I do blame him for being a stubborn old fool, and for creating his own little solipsistic dreamland where the world had to end, because Ed had said it would. When it failed, it was exactly like watching a religious cult falling apart when the leader absconds with the takings from the collection plate. There are still people on his Y2K discussion board claiming that there was a Y2K catastrophe, but we didn't notice because we'd all been drugged with chemtrails [carnicom.com].

So sure, buy and read this book if you like, but understand that Ed lost the plot about five years ago, and that anything he writes now must be treated as science fiction. Good old fashioned plain speaking science fiction, but utterly, completely untrustworthy.

The reason "Death March" is a good book is that he wrote it by asking a bunch of his hacker-manager buddies about the nature of impossible-to-complete projects, and wrapped some text of his own around the results. This polling-the masses approach added a reality check that he clearly needs (vis. any of his other books that make predictions about the future - the ones that are uniformly wrong).

He also notes with some pride that many companies survived the turmoil after the World Trade Center attack because they made so many preparations for the turn of the millennium.
Yeah. Those two extra bytes used to store the year are a good anti-terror measure.

Many years ago I read an entertaining science fiction book 'The Syndic' (Kornbluth) in which a saboteur was sent into a region in order to sow mayhem and fear. The problem he encountered was the target society was so free and chaotic that his actions were mistaken for the work of wild kids, the damage repaired immediately, and ignored. The greatest damage that can be done to a society is to induce them to actions that will harm themselves.

Hold on a minute... how do we know that/. doesn't have a backdoor built into to allow in the marketing dept for the book under review so that they can manipulate the moderation of the articles in this thread whichever way they think is best (pro or con the paranoia) to promote the sales of their book?

It doesn't have anything to do with hacking computers. The terms "online terrorism" and "cyberterrorism" are meaningless and maybe even insulting to victims of real terrorism.

Not necessarily. One of the goals of terrorism (IMO) is to disrupt the ordinary function of society. Society works because people have a certain amount of faith in the institutions, both of government and of the private sector, that make it work. People trust the authorities to manage law enforcement because of the checks in balances that give them faith in that system, they put their money in banks in the belief it will stay there, they use money because they believe its value is appropriately assessed according to relevant economic criteria, etc.

Those are just a few examples, but many of them rely on computers as part of their fundamental infrastructure. Take away faith in that infrastructure (by demonstrating its weaknesses, cracking being the most effective way of doing this) and you take away faith in the institutions they support. Society will cease to function, the economy will tank, and anarchy and chaos will ensue (any civilization is only three meals away from revolution).

That seems like a pretty foreseeable terrorist goal to me, what about you?

I'm sure many of you have played "Bullshit Bingo," AKA Buzzword Bingo, where you go to meetings and mark off words and phrases such as "Going Forward," "Core Business," "Changing Paradigms," etc.

How about a new one for playing in the car or reading the paper? Marking off stuff like cars that have fifteen american flags on them. Or reading some off the wall article that has sudden relevence because of the "Post-9/11 Era." Or discussing the way it is impacted by the "War on Terror."

Bonus points for stores that put "God Bless America!" signs up, not only in their windows but on that giant illuminated sign with the two golden arches on it.

Sorry to be overly cynnical; it's a nice thought... but it really seems to ringing hollow now. People have just gone on about their comporate business, even if they have "heightened insecurity" in their personal lives. This book probably has interesting info in it, but now everybody is marketing it with "a sense of urgency due to the new world we live in."

If I hear "In the wake of September 11th..." one more time, I'm gonna punch a broadcaster in the nose.

Now if you'll pardon me, in the wake of my bottled water and NutriGrain bar breakfast, I'm going to get a hot bowl of soup for lunch in downtown Cleveland.

yep, the only way people are going to stop all of this "in the wake of september 11th" stuff is if something bigger happens. Personally i just don't think a massive electronic attack is going to cut it. Bin Laden wants everyone to know about his stunts, and lets face it, DoS'ing some servers and bringing a few routers down is just not going to get as much media attention as something more trendy like anthrax. What he could do, is use the EMP from a nuke to dissrupt something, that would be like killing 2 metophorical birds with one lump of plutonium

...or do something that affects a lot of people, like trying to gradually introduce numerous small errors into the electronic trading systems, or a DOS of emergency communications systems coincident with a real-world attack.

Or, for that matter, being able to plant stories on the wire services could be interesting.

Not to take away from the interesting historical note here, but how many American companies shut down production to build the giant-ass war machine that we used to help crush Germany, sink enemies in the Pacific, or drop nukes on civilians in Asia?

Not that I'm some huge anti-war hippie, I would have probably made the same decisions if I were president... and for the most part, the ends justified the means for the allies... but you can't draw attention to ItSoShitty without looking at Frod, Gee-Ehm, et al for their "sins" as well.

Wake up!!! Smell the coffee - we've lost more people to car accidents since 9/11 than died in the blast. We haven't had a single follow on attack since. While we've supposedly been "coping" with 9/11, our government has been working to turn America into a police state where merely accessing a computer incorrectly can get you sentenced to death for "cyberterrorism" - as if such was comparable to killing people. Speaking of killing, what about the millions of children who have been dying in Africa - where's their tradgedy?

Oh wait, I'm sorry. I forgot - poor people don't matter. Bomb some third world country into oblivion, but don't dare fly a plane into a business or do something that would interrupt American corporate profit.

Seriously, folks, you need to deal with 9/11 and get over it. Bad things happen. Jesus saves. People in other countries face disasters like this on a daily basis; why is it that Americans seem to have such a hard time coping with this?. If 9/11 scares you, you need to make peace with your maker before you go bombing third world countries where the terrorists used to be.

If anything scares me, its that our government has been taking away our rights and no one seems to care. I thought more of Americans until after I saw the way they reacted to 9/11. A handful of buildings come down, and they are afraid.

While you do make some good points, I find your overtones of "evil American corporate greed" a little disturbing; it's been intoned in a lot of european posts and opinions I've seen as of late.

Also we're not afraid, we have crazy newsmedia who feed of fear and perpetrate FUD (fear, uncertainty and doubt) onto the masses. And unfortunately, what makes it over the pond is that media reporting, which kind of sucks.

Come over and visit sometime, and you will find that many of us more educated americans decry outlandish corporate greed when it surfaces (but it is not yet as pervasive as it outwardly appears), and we are definitely not "afraid" of terrorists. We're a proud, strong country with a majority of good people (if not smart people), and besides, we've got a lot of cool landmarks with nifty gift shops...

Heh. My situation is actually the mirror image of what this book discusses. I have been trying to find a way to exact some revenge (electronicallly) on somebody who has something coming to him (a real googly-eyed, drooling f*cktard). But I haven't been able to find any good ways to do this! (google, surprisingly, has been little help).

Any slashdotters have advice to help somebody who seeks a bit of online revenge?

Hey, the guy earned a name for himself in the days structured programming was the new buzz. Had his name on a lot of books talking about structured programming and system analysis.

Since then, he has deservedly lost his credibility.

I remember his Time Bomb 2000 LUSENET forum from the late 1997-1999. Full of kooks and nuts. Just the kind of folks who talked about commiting acts of domestic terrorism when the "gubmint" came knocking to take away their Y2K preps and put them into concentration camps with the rest of the "sheeple". Folks there talked about lynching public officials and all kinds of stuff like that. Most of them, including Yourdon, thought there would be massive Y2K disruptions.

When the clock turned over to year 2000, and TV was showing all the people having a great time in NYC Times's Square, and his "followers" were miffed over the lack of computer caused caos and disruptions they were NOT witnessing on TV, Yourdon was on line posting to his "followers" that the "powers that be" were probably rolling old film rather than providing real time coverage of all the Y2K disruptions to prevent public panic. What a joke.

This is the guy who wrote "The Decline and Fall of the American Programmer" in the 1980's, stating how US programmers were soon to be out of a job. Since then, jobs for programmers have boomed. He thought US programmers would be put out of work by the "software factories" of Japan and other countries. The guy is, IMO, a intelligent idiot.

Your-done-for, fearmonger to the masses, has squandered any good "karma points" he once had from the 70's or whenever selling fear and dread to whomever will listen to his latest spiel he's happy to offer along with some high paid consulting to "cope" and "manage" and "prepare". IMO, the guy needs some therapy for himself.

He's back selling a new bottle of snake oil in a book. Let him peddle his nonsense elsewhere.

The review was likely apt in that his platitudes and generalizations are vauge and nebulous. Just what a consultant like him selling over priced worthless "advice" to PHB and clueless managers that remember his name from their college days don't know any better than to buy.

This guy is an embarassment to IT. Surely there are better books by better authors with better things to say with a better track record of why we should pay attention to what they have to say. Geeze, folks. Time to put a cork in this geezers yap hole already.

...but I knew I should have bought stock in a flag-making business on September 10th...

Now, it's obvious the government wants their citizenry in a perpetual state of fear -- it's the best way to get extremely high approval ratings. We already know they fiddle with statistics, and keep their pockets wide and ears open in case anyone wants to drop in a few coins. I wonder if they even go as far as encouraging the writing of particular books... there are always theories about how Tom Clancy gets served up "information" for his scribblings.

Nah, I think in this case, it's simple capitalism, and someone wanting to cash in. After all, a whole real-time industry is based on the same... and no amount of "defence" is going to stop a determined man taking his life and others with him.

To stop yourself being harmed, earn the respect of as many people as possible, and so reduce the number of enemies. Ask yourself why Mother Teresa didn't go around in a bullet-proof car, but the Pope does. Ask yourself why Mo Mowlam (UK) had her bodyguards taken away within 6 months of ending her office in Northern Ireland, but hasn't yet been shitted on by dissident groups. Now ask yourself why Sharon, Arafat and Bush have a million men lining up to chop 'em.

"My answer was: The machines crash every day. Why should it matter if it happens on December 31st?"
It didn't occur to anyone in our much feared power plants that... if Y2K caused their computers to go crazy they could just set back their clocks.? We do it with shareware when it goes "bad," and it's not the end of the world:)

I never once heard this fix mentioned in the media when Y2K was coming, but I know that it would occur to engineers as soon as their computers went crazy...

Anyway, this is different from the issues with banking software and automatic mailers, but that's not life-threatening. Actually, nothing related to remotely hack-able computers can be fully life-threatening. You can always override the system or just unplug it from the network and have someone physically push the "FIRE" button the day we need to use the missiles.

But our wars will never be fought by robots or computers, only by humans who use them to be more efficient, and who should care a bit more about not letting their technology be captured by the enemy.

It didn't occur to anyone in our much feared power plants that... if Y2K caused their computers to go crazy they could just set back their clocks.?

Nope. Your grid control systems (not to mention the trading and financial systems behind the power operations systems) wouldn't be able to sync up time correctly in a timely manner.

imagine telling everyone that they need to turn their clocks back a given amount at approximately the same time. oh, wait -- that never happens during DST clock changes, does it?;^)

anyway, the confusion that would ensue, when individual entities associated with the grid would manage not to do the conversion correctly (and believe me, the proliferation of systems is amazing) would have crippled the power companies' ability to manage the grid, keep power flowing between generators and to consumers.

My answer was: The machines crash every day. Why should it matter if it happens on [insert-date-here]?

It matters because, while machines crash every day, they don't generally crash at predetermined times and in large numbers. Multiple computers (possibly serving as backups for each other) that are systematically "scheduled" to crash at or around the same time clearly have a larger impact than isolated, random, daily crashes.

Consider the analogy of cars breaking down. It happens all the time and any one incident is easily worked around. However, if there is reason to believe that a large number of cars are all going to stop working at the same time or around the same location, it could result in traffic gridlocks or blocking essential services.

By insinuating that the Y2K problem was a scam by consultants to make money by scaring everyone, you do the security and Y2K consultants a huge disservice. Y2K was a REAL problem, and the reason that absolutely nothing happened was because thousands of people did their jobs very very well to fix the problems before the deadlines.

There is no such thing as 'online terrorism'. Period. Terrorism is a term with a well-defined meaning. American politicians and pundits have already misused many words (see "freedom", "democracy") to the point where they basically have no meaning any longer; they are merely cues which are used to evoke a vague emotional response of 'GOOD' or 'BAD' in a sheeplike populace. Let's please NOT take the word 'terrorism' and redefine it to mean "anything we don't like", ok? And how bout we stop tolerating those who use a single act of terrorism as a convenient excuse to destroy civil liberties and recreate America as a paranoid police state while we're at it?

Two things which closet fascists would like to see defined as 'terrorism': (1) hacking, (2) kids in balaclavas throwing rocks through Niketown's windows. Both are vandalism. Let's try to keep some sense of perspective here... terrorists use munitions, and terrorists kill.

The whole concept of a "post-9/11" reality is in itself absurd. Terrorism has always existed, and will continue to exist. The fact that it has reared its ugly head in our insular, uneducated, and delusional country changes *nothing* except the playing field, i.e. we can no longer ignore it to the extent we traditionally have... and besides, where was our outrage when *we* were inflicting terrorism on others? (cf Cambodia, Panama, etc).
This pathetic pandering attempt to attach the 'terrorism' moniker to anything we want to get the sheep riled up against is deplorable.
I'll believe in on-line terrorism when some kid uses his computer to launch a nuclear weapon... until then it is all propaganda.

It'll work again. You would have thought he made enought money out of Y2K to retire and spare us the histrionics about what is day to day standard computer work. About the only use it could be is to scare the managers into actually doing something about a problem that is often raised and then completely ignored, unless some snake oil salesman makes it sound like the world is about to end.